Exhibit ethical hacking protocols to evaluate the security of and identify vulnerabilities in target systems, networks, or system infrastructure.
Red Team Course-End Project
The Penetration Testing Problem Career Simulation 3 Introduction In this career simulation, you will use your newfound knowledge of the vulnerabilities assessment and risk management to work through a problem. Using techniques learned in this bootcamp, you will examine and explain which tools and techniques to use for the best possible outcomes. Additionally, you will write a penetration testing report for your client that documents your findings. Learning Objectives Your deliverable for this career simulation should demonstrate your understanding of the following learning objectives. These objectives will be used for grading. Vulnerabilities Assessment • Exhibit ethical hacking protocols to evaluate the security of and identify vulnerabilities in target systems, networks, or system infrastructure. • Perform vulnerability scanning using a variety of tools. • Use and configure tools to perform offensive security techniques. • Use modules within Metasploit and explain their purpose. • Establish Meterpreter sessions and explain how to use them. • Look for privilege escalation opportunities through lateral movement. • Apply the pass-the-hash technique to take advantage of flaws in NTLM authentication. Interpersonal Skills • Develop constructive and cooperative working relationships. • Identify problems by using a group approach and develop solutions based on a group consensus. • Apply active listening skills by using reflection, restatement, questioning, and clarification. • Convey information clearly, correctly, and succinctly. • Respond appropriately to positive and constructive feedback. • Reach agreements that promote mutual goals and interests.
Problem Solving • Observe and evaluate the outcomes of implementing solutions to assess the need for alternative approaches and to identify lessons learned. • Recall previously learned information that is relevant to the problem. • Use a security mindset to identify assets and security goals, potential adversaries and threats, and potential weaknesses. • Have sufficient inductive and deductive reasoning abilities to successfully do the job. • Use man pages to learn about unfamiliar commands and/or switches. • Search for online information and interact with websites and web applications. • Critically review, analyze, synthesize, compare, and interpret information. Writing • Communicate thoughts, ideas, and information, which might include technical material, in a logical, organized, and coherent manner. • Tailor the content to the appropriate audience and purpose. • Analyze penetration reports and explain their purpose. Scenario Simplilearn has reviewed your team’s report and is satisfied with the results! Because your team did such a great job, they would like a follow-up penetration test with an isolated portion of the network that was not part of the original engagement. However, this isolated portion of the network has a small number of systems, so it doesn’t make sense for your entire team to be involved with this follow-up engagement. Instead, your team has assigned you to complete the penetration test for this isolated network on your own, as you have proven yourself ready to handle this kind of engagement! Rules of Engagement 1. You are authorized to only scan and attack systems that reside on the same /20 subnet on which your Kali instance resides (e.g., if the IP of your Kali instance is 172.31.6.161, you are only authorized to scan and attack systems on the 172.31.6.0/20 subnet). 2. No social engineering or client-side exploits are needed or permitted on this penetration test. 3. You are allowed to work with your classmates on this penetration test.
4. Everything you need to complete this test should be available to you on the systems already; there should be no need to download outside tools for this penetration test. Problem Use Course 6 – Capture the Flag machine to complete these challenges. Take notes and screenshots of your findings to use as you develop a report in the following section. Challenge 1: Network Scanning 1. Perform a NMap port scan on the /20 subnet on which your Kali resides. Be sure to scan all 65535 ports for any systems found 2. From the scan results, do you see any systems with port 1013 open? 3. From the scan results, do you see any servers with port 2222 open? 4. From the scan results, how many Windows systems can you identify on the network? Hint: What systems have port 445 open? Challenge 2: Initial Compromise Can you figure out a way to compromise the service running on port 1013 to gain command line access to the system running it? Challenge 3: Pivoting Can you find any files on this web server that will allow you to laterally move to the system with port 2222 open? Challenge 4: System Reconnaissance Are there any privilege escalation opportunities on this system you laterally moved to? Check for sensitive files with passwords in them. A privilege escalation checker script has been provided to you in the /opt directory for this purpose. Challenge 5: Password Cracking Can you crack the hash found within the sensitive file found on this system? Make sure to use the wordlists found on your Kali instance within /usr/share/wordlists. Challenge 6: Metasploit Now that you have a username/password, can you establish a Meterpreter session on a Windows system found on the network with this username/password?
Challenge 7: Passing the Hash Are there any accounts found on this system that can be used to laterally move to another Windows system on the network? Challenge 8: Finding Sensitive Files 1. Now that you have laterally moved to another Windows system, can you find the secrets.txt file on it? Part of penetration testing is figuring out new ways to utilize your existing toolsets. There is a search function within Meterpreter that can prove useful for this purpose. 2. What command from Meterpreter can be used to print the contents of files? 3. Determine what is contained within the secrets.txt file. Report Your manager, Jamar, would like you to write a report that will be shared with Simplilearn describing: • Objective of the penetration test • Tools used • Findings (including what is contained within the secrets.txt file). Refer to the previous lesson, for example penetration testing reports. Use the Penetration Testing Report Links to an external site. template as a guide for writing your report.
Collepals.com Plagiarism Free Papers
Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS
Why Hire Collepals.com writers to do your paper?
Quality- We are experienced and have access to ample research materials.
We write plagiarism Free Content
Confidential- We never share or sell your personal information to third parties.
Support-Chat with us today! We are always waiting to answer all your questions.
